Complete Splunk beginner here.
I am learning to use Splunk. We have a bunch of Windows machines that we want to pull the logs from.
This is what I understand from the docs, but please correct me if I am wrong.
1. Install Splunk Light full version on one of the servers.
2. Install universal forwarders on however many machines you want (tick the logs you want to forward and give the IP address and port number of the Splunk Light instance), default 9997.
3. Go to Splunk Web; now I go to Forward Data, but it says there are no deployment clients configured to talk to this Splunk instance! I didn't get this deployment server and deployment client. Do I need a deployment server in my scenario? Where are all the forwarders supposed to forward events to in a single instance of Splunk Light?
4. I started seeing the host under the Search tab, under Host. (Is this how the forwarder is supposed to work?) The hosts added pop up here.
Thanks. The docs are confusing, as there is a mix-up of Splunk Enterprise with Splunk Light, and they are not comprehensive enough for the multitude of options you can configure with Splunk.
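The forwarder-to-receiver setup described in steps 1 and 2, written out as the .conf files each side ends up with. This is an added example, not part of the original post or of Splunk's documentation; the receiver address 192.0.2.10, the group name splunk_light, the index name and the certificate file names are assumptions for illustration. The first part is the plain TCP configuration the wizard produces; the second part is the same link with TLS and a required client certificate, which is what a practitioner would want before Windows Security logs (account names, logon events) cross the network, since a plain `[splunktcp://9997]` receiver accepts data from any host that can reach the port and sends it in cleartext.

```ini
# ---------------------------------------------------------------------------
# Plain TCP (what "Configure receiving" and the forwarder installer write)
# ---------------------------------------------------------------------------

# Receiver (the single Splunk Light instance):
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Opens port 9997 for forwarders; no deployment server is involved.
[splunktcp://9997]
disabled = 0

# Each Windows universal forwarder:
# $SPLUNK_HOME/etc/system/local/outputs.conf
# All events go to the one output group; the server value is the
# Splunk Light IP/port entered during install (address is assumed).
[tcpout]
defaultGroup = splunk_light

[tcpout:splunk_light]
server = 192.0.2.10:9997

# Each Windows universal forwarder:
# $SPLUNK_HOME/etc/system/local/inputs.conf
# The "ticked" Windows Event Log channels; index name is assumed.
[WinEventLog://Security]
disabled = 0
index = wineventlog

[WinEventLog://System]
disabled = 0
index = wineventlog

[WinEventLog://Application]
disabled = 0
index = wineventlog

# ---------------------------------------------------------------------------
# Same link over TLS with mutual authentication (hardened variant)
# ---------------------------------------------------------------------------

# Receiver: $SPLUNK_HOME/etc/system/local/inputs.conf
# splunktcp-ssl replaces splunktcp on the same port; requireClientCert
# rejects forwarders that do not present a certificate signed by the CA.
[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/receiver.pem
sslPassword = ChangeMeReceiverKeyPassword
requireClientCert = true

# Receiver: $SPLUNK_HOME/etc/system/local/server.conf
# CA bundle used to validate forwarder client certificates (file name assumed).
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem

# Each forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf
# Presents its own certificate and verifies the receiver's against the CA,
# so a spoofed receiver cannot collect the logs.
[tcpout]
defaultGroup = splunk_light

[tcpout:splunk_light]
server = 192.0.2.10:9997
clientCert = $SPLUNK_HOME/etc/auth/forwarder.pem
sslPassword = ChangeMeForwarderKeyPassword
sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem
sslVerifyServerCert = true
sslCommonNameToCheck = splunk-light.example.internal
```

After restarting both sides, `splunk list forward-server` on a forwarder should list 192.0.2.10:9997 under "Active forwards", and on the receiver the search `index=_internal sourcetype=splunkd group=tcpin_connections` shows one row per connected forwarder with its hostname and whether the connection is SSL. The certificate files are assumed to have been issued by your own CA; the pem files contain the certificate followed by the private key, and the sslPassword is the key's passphrase (run `splunk` with the value through its own credential encryption rather than leaving it in cleartext long term).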